The Smallest Businesses Face the Biggest Cyber Risks

cyber riskWhile many of us long for the days when people had real-life conversations rather than truncated text chats, the reality is that the Internet is here to stay. And in the Internet Age, data is king.

As a small business owner, you collect customer data every day. And if you’re using the Internet, that data – along with all of your company’s sensitive information – is vulnerable to attacks.

Without the proper safeguards in place, your business could suffer a data breach that exposes sensitive information, disrupts your operations and opens the door to an expensive lawsuit.

Why Cyber Security Matters to Small Business

The majority of data breaches happen to small and mid-sized business. Surprised? Consider these chilling stats:

  • About 40% of all cyber attacks are aimed at small businesses, but because smaller firms have fewer resources to devote to cyber security…
  • More than 72% of successful data breaches happen in smaller companies.
  • About 71% of small business owners admit to lacking confidence in their current cyber security measures.
  • As many as 65% of businesses go without cyber insurance – even though many of them cite data breaches as their number one concern.

Even more troubling? The average cost of a data breach for a small to mid-sized business is a staggering $5 million.

Why Cyber Security Matters to YOUR Small Business

When a small business suffers a data breach, the fallout can be tremendous. A single breach can trigger a variety of financial damages, including:

  • Lawsuits (and the attendant legal costs) from clients whose data and security were compromised. These alone can reach into the tens of thousands of dollars and beyond.
  • Site repair costs to address security issues that allowed the breach to happen.
  • Public relations and / or advertising costs to restore the company’s image among current and potential clients.
  • Lost confidence and lost future business from current and potential clients whose confidence is shaken by the data breach.

Unfortunately, most small business owners believe that a data breach won’t happen to them, either because they have adequate protection in place or because their information isn’t worth stealing. In reality, hackers often see small businesses as prime targets because the data they store is typically less diligently protected than the data held by large corporations.

How Data Breaches Happen

In small businesses, data breaches can happen in a number of ways. Common scenarios include:

  • Your employee opens an email that contains a damaging virus, which spreads itself to everyone on the employee’s contact list, including clients. The virus hurts your business’s computer system, as well as your clients.
  • A virus compromises your company website, forcing you to redo the site and institute new security policies – which, of course, requires that you hire someone familiar with the relevant technology.
  • A hacker finds a way into your system and outright steals data from your files.
  • An employee who works from his tablet loses the device, which isn’t password protected, putting sensitive data at large. You now have to handle the data crisis as well as the fact that your employee’s productivity will likely plummet.
  • A former employee who left on bad terms accesses your system and wreaks havoc internally thanks to unchanged passwords.

Any of these scenarios could cause your clients financial loss, open your business to lawsuits, force you to shut down operations while you address the problem and damage your reputation with current and prospective clients. The associated costs could quickly spiral out of control.

Luckily, you’re not completely powerless against the data breach risks your business faces.

Tips to Manage Your Cyber Security Risks

The good news is that there are several strategies you can implement to keep your risk of data breaches low. These include:

  1. Using strong passwords. More than half of data breaches are caused by weak (aka “guessable”) passwords. Make yours strong and change them regularly.
  2. Implementing virus protection, firewalls and encryption techniques. These all make your network less vulnerable to attacks.
  3. Limiting information disclosure. Only give access to sensitive data to team members who absolutely need it.
  4. Investing in cyber liability insurance. Depending on your needs, you may be able to purchase this type of coverage as an add-on to your general liability policy. If your business has bigger data security needs, you can purchase a stand-alone cyber liability policy. Either way, the coverage will pay for the legal and recuperative costs associated with a data breach that affects your company.

The takeaway? The Internet, data and all its accompanying risks are not going away any time soon. Do your business, your clients and your bottom line a favor by preparing for the risks you face before they cause serious damage.

Virus Photo via Shutterstock

More in: 11 Comments ▼

Ted Devine is CEO of insureon, the leading online provider of business insurance to small and micro businesses. Prior to joining insureon, he was President of Aon Risk Services and a Senior Partner at McKinsey & Company.

11 Reactions
  1. Ted,

    Thanks for posting this scary article.

    For small businesses that allow employees access to internet-related tools and their computer systems, cyber insurance may not be “optional.”

    Again, thanks!

    The Franchise King®

  2. Cyber security is definitely important to have. And you need to make sure it’s the best that it can be. One of my blogging friends just got her whole site hacked; so you need to make sure you keep it updated regularly, even if you think you’ve got all your bases covered.


  3. Wow Ted,
    You hit the nail in the head.
    This is a scary subject indeed. And we feel it is of utmost importance for small business owners.

    We have yet to meet a small business owner or manager that wants to mess around with hosting, tech support, and website maintenance. 99.9% of the small business owners we work with tell us that they do not have the time or energy to try to maintain an up-to-date website.

    That is why we started Vinotec. We don’t like to see our local businesses suffer, and struggle, as they try to maintain a web presence. Most of them, if they have a website at all, are letting it slip into past-century out-datedness, and security risks become huge.

    Thanks again for the great article

  4. Ted Devine: Could a cloud service be the solution to the problem?

  5. I recently heard that there are 100K+ hacks EVERY DAY!! When developing disaster recovery plans for my small business clients, I also recommend they implement some “watchdog” type services like Sucuri to monitor and repel hacks on their website(s).

  6. Ted, great article. Few businesses realize how vulnerable they are. Many falsely think they are safe if they are using a 3rd party vendor for data storage, but state and federal laws hold the “owner” of the data responsible for notification in the event of the breach, regardless of whether they have outsourced data storage and processing.

    The cyber limits available through a BOP or standard package policy are rarely enough, but stand-alone data breach policies are surprisingly affordable now.

    Thanks for sharing your insight and helping to raise awareness. – Katie

  7. It is crazy to think about how unprotected you could be without even realizing it! Thanks for the read. Do you have any more tips or recommended articles about virus protection and encryption techniques? 🙂